CN104410533A - Network user behavior identification system - Google Patents
Network user behavior identification system Download PDFInfo
- Publication number
- CN104410533A CN104410533A CN201410785482.6A CN201410785482A CN104410533A CN 104410533 A CN104410533 A CN 104410533A CN 201410785482 A CN201410785482 A CN 201410785482A CN 104410533 A CN104410533 A CN 104410533A
- Authority
- CN
- China
- Prior art keywords
- user behavior
- network
- congestion control
- feature
- networks congestion
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a network user behavior identification system which comprises a user behavior feature library, a network data capture module, a user behavior establishing module and a user behavior matching module, wherein the user behavior feature library is used for storing feature information of network user behaviors; the network data capture module is used for capturing network data packets and establishing network data features; the user behavior establishing module is used for establishing user behavior modes; and the user behavior matching module is used for identifying network user behavior names. According to the system, detailed and classified network behavior feature libraries are established, the network data packets are captured, network behavior modes are established, the network user behaviors are precisely matched, the fine-grained network user behaviors can be effectively identified, and the system can be used for analyzing network access habits of a user, judging the network fault and optimizing network resource allocation, is accurate in the aspect of network user behavior analysis result and has wide application prospect.
Description
Technical field
The invention belongs to NTM network traffic management field, be specifically related to a kind of networks congestion control recognition system
Background technology
Along with the development of the Internet and the universal of computer, the quantity rapid development of the network user, network behavior becomes one of most important social phenomenon in human behavior gradually, the depth development of the Internet makes network traffic roll up, the frequency of customer access network business also sharply rises, and needs badly and effectively identifies networks congestion control.Networks congestion control identification is the important technology of NTM network traffic management, its recognition result is the important evidence of the network management of the science of carrying out, and existing network user behavior recognition technology lacks the fine granularity analysis to network user's real-time communication data, its network data specific aim analyzed is not strong, and user behavior feature is more wide in range, classification is not done to networks congestion control, reduce the accuracy of networks congestion control identification.
The patent No. is the Chinese invention patent of 201210374292.6, disclose a kind of networks congestion control information analysis system and analytical method thereof, this system comprises the networks congestion control data acquisition module connected successively, networks congestion control data are for processing module, networks congestion control data memory module, networks congestion control data analysis module, analysis result display module; Method comprises the collection of data, the preliminary treatment of data, the conversion of data, the steps such as the analysis of data and the display of data, and the present invention does not carry out classification to networks congestion control feature, in the analysis result of networks congestion control, lack accuracy.
Summary of the invention
For Problems existing and deficiency in all technology, the present invention proposes a kind of networks congestion control recognition system, the network behavior feature database of this system constructing classification, catch network packet, set up network behavior pattern, and networks congestion control is mated accurately, can effectively identify fine-grained networks congestion control, can be used for analyzing customer access network custom, decision network fault, Optimizing Network Resources distribution etc., have broad application prospects.
In order to solve the problems of the technologies described above, the present invention realizes in the following manner:
A kind of networks congestion control recognition system, by user behavior feature database, Network Data Capturing module, user behavior builds module and user behavior matching module is formed, described user behavior feature database is used for the characteristic information of storage networking user behavior, Network Data Capturing module is for capturing network packet and building network data feature, user behavior builds module and is used for setting up networks congestion control pattern, and user behavior matching module is used for recognition network user behavior title.
A kind of networks congestion control recognition system, comprises following step:
1) user behavior feature database is built;
2) Network Data Capturing module catches the network packet that the network user sends or receives, and forms network data characteristic information;
3) user behavior builds module and read network data feature from Network Data Capturing module, and builds networks congestion control pattern with its key message;
4) user behavior matching module builds module from user behavior and reads networks congestion control pattern, and the networks congestion control feature in itself and user behavior feature database is compared, and finds out the networks congestion control title with networks congestion control pattern matching.
Compared with prior art, the beneficial effect that the present invention has: the network behavior feature database of this system constructing classification, catch network packet, set up network behavior pattern, and networks congestion control is mated accurately, can effectively identify fine-grained networks congestion control, can be used for analyzing customer access network custom, decision network fault, Optimizing Network Resources distribute, in the analysis result of networks congestion control accurately, have broad application prospects.
Accompanying drawing explanation
Fig. 1 is structural representation of the present invention;
Fig. 2 is fundamental diagram of the present invention;
Fig. 3 is the flow chart of steps building user behavior feature database;
Fig. 4 is the flow chart of steps of Network Data Capturing;
Fig. 5 is the flow chart of steps building networks congestion control module;
Fig. 6 is the flow chart of steps of match user behavioural characteristic.
Embodiment
Below in conjunction with the drawings and specific embodiments, the specific embodiment of the present invention is described in further detail.
As shown in Figure 1, a kind of networks congestion control recognition system, by user behavior feature database, Network Data Capturing module, user behavior builds module and user behavior matching module is formed, described user behavior feature database is used for the characteristic information of storage networking user behavior, Network Data Capturing module is for capturing network packet and building network data feature, user behavior builds module and is used for setting up networks congestion control pattern, and user behavior matching module is used for recognition network user behavior title.
As shown in Figure 2, the present invention builds a user behavior feature database, and adopts Network Data Capturing module, user behavior structure module and user behavior matching module to identify networks congestion control;
The characteristic information of user behavior feature database storage networking user behavior, each networks congestion control feature comprises field information: " sequence number ", " port numbers ", " IP address " and " behavior title ", wherein, " sequence number " is the numbering of a networks congestion control feature, " port numbers " sends the destination slogan of data or receive the source port number of data, " IP address " sends the destination address of data or receive the source address of data, and " behavior title " is the networks congestion control title of a networks congestion control feature representative;
Network Data Capturing module catches the network packet that the network user sends or receives, and extracts key feature information from network packet, constructs network data characteristic information;
User behavior builds module and read network data feature from Network Data Capturing module, according to network data characteristic information, constructs networks congestion control pattern;
User behavior matching module builds module from user behavior and reads networks congestion control pattern, is compared by the networks congestion control characteristic information in itself and user behavior feature database, identifies the networks congestion control with networks congestion control pattern matching.
Particularly, specifically the comprising the following steps of tectonic network user behavior recognition system of the present invention:
1) user behavior feature database is built;
2) network data is caught;
3) networks congestion control pattern is built;
4) match user behavioural characteristic.
As shown in Figure 3, give the concrete grammar building user behavior feature database, comprise and set up user behavior feature database list structure, set up feature with the user behavior title of port numbers and correspondence thereof, set up characteristic sum by user behavior feature input user behavior feature database with the user behavior title of port numbers and IP address and correspondence thereof, concrete steps are as follows:
11) user behavior feature database list structure is set up:
111) field of user behavior feature database table is established as " sequence number ", " port numbers ", " IP address " and " behavior title ";
112) " sequence number " field is defined as major key field;
12) feature is set up with the user behavior title of port numbers and correspondence thereof:
Set up the networks congestion control feature only having port numbers and networks congestion control title;
13) feature is set up with the user behavior title of port numbers and IP address and correspondence thereof:
Set up the networks congestion control feature containing port numbers, IP address and networks congestion control title;
14) by user behavior feature input user behavior feature database:
By the above 12nd) and 13) step set up networks congestion control feature be input to user behavior feature database.
As shown in Figure 4, give the concrete grammar of catching network data, comprise and catch network packet, acquisition network layer and transport layer header packet information, extraction packet header key feature and build network data feature, concrete steps are as follows:
21) network packet is caught: catch the network data that the network user sends and receives;
22) obtain network layer and transport layer header packet information, concrete steps are as follows:
221) network layer data handbag header is obtained;
222) transport layer data handbag header is obtained;
23) extract packet header key feature, concrete steps are as follows:
231) source IP address and the object IP address information of network layer data handbag head is obtained;
232) source port number and the destination number information of transport layer data handbag head is obtained;
24) network data feature is built:
Network data feature is built with the source IP address obtained, source port number, object IP address and destination slogan.
As shown in Figure 5, give the concrete grammar building networks congestion control pattern, comprise reading network data feature, judge whether network data feature reads complete, to determine whether transmission packet, extraction object IP address and destination slogan as user behavior pattern, extraction source IP address and source port number as user behavior pattern, and concrete steps are as follows:
31) network data feature is read: read network data feature from Network Data Capturing module;
32) judge whether network data feature reads complete, concrete steps are as follows:
321) judge whether it is the last item network data feature;
322) judge next step step operated: if read complete, terminate to build networks congestion control pattern;
33) determine whether the packet sent, concrete steps are as follows:
331) judge whether it is the network packet that the network user sends;
332) judge next step step operated: if not the network packet sent, perform step 35);
34) extract object IP address and destination slogan as user behavior pattern and perform step 31);
35) extract source IP address and source port number as user behavior pattern and perform step 31).
As shown in Figure 6, give the concrete grammar of match user behavioural characteristic, comprise reading networks congestion control pattern, judge whether user behavior pattern reads complete, to judge the feature that whether user behavior pattern finds the feature of coupling in user behavior feature database, acquisition matches that port numbers and IP address build networks congestion control name information, exports the networks congestion control title recognized, and concrete steps are as follows:
41) networks congestion control pattern is read: build module from user behavior and read networks congestion control pattern;
42) judge whether user behavior pattern reads complete, concrete steps are as follows:
421) judge whether it is the last item networks congestion control pattern;
422) judge next step step operated: if read complete, terminate match user behavioural characteristic;
43) judge whether the user behavior pattern of port numbers and IP address structure finds the feature of coupling in user behavior feature database:
431) judge whether the user behavior pattern of port numbers and IP address structure finds the step of the feature of coupling in user behavior feature database;
432) judge next step step operated: the feature of if there is no mating, perform step 41);
44) the networks congestion control name information of the feature matched is obtained:
Find the networks congestion control feature record matched, read the networks congestion control name field information of this record;
45) export the networks congestion control title recognized and perform step 41): by the networks congestion control title packing recognized
Become to be applicable to the data of the form of external system needs, and export, then perform step 41).
The above is only embodiments of the present invention; again state, for those skilled in the art, under the premise without departing from the principles of the invention; can also carry out some improvement to the present invention, these improvement are also listed in the protection range of the claims in the present invention.
Claims (6)
1. a networks congestion control recognition system, it is characterized in that: by user behavior feature database, Network Data Capturing module, user behavior builds module and user behavior matching module is formed, described user behavior feature database is used for the characteristic information of storage networking user behavior, Network Data Capturing module is for capturing network packet and building network data feature, user behavior builds module and is used for setting up networks congestion control pattern, and user behavior matching module is used for recognition network user behavior title.
2. a kind of networks congestion control recognition system according to claim 1, is characterized in that: comprise following step:
1) user behavior feature database is built;
2) Network Data Capturing module catches the network packet that the network user sends or receives, and forms network data characteristic information;
3) user behavior builds module and read network data feature from Network Data Capturing module, and builds networks congestion control pattern with its key message;
4) user behavior matching module builds module from user behavior and reads networks congestion control pattern, and the networks congestion control feature in itself and user behavior feature database is compared, and finds out the networks congestion control title with networks congestion control pattern matching.
3. a kind of networks congestion control recognition system according to claim 2, is characterized in that: described step 1) specifically comprise following step:
11) user behavior feature database list structure is set up:
111) field of user behavior feature database table is established as " sequence number ", " port numbers ", " IP address " and " behavior title ";
112) " sequence number " field is defined as major key field;
12) feature is set up with the user behavior title of port numbers and correspondence thereof:
Set up the networks congestion control feature only having port numbers and networks congestion control title;
13) feature is set up with the user behavior title of port numbers and IP address and correspondence thereof:
Set up the networks congestion control feature containing port numbers, IP address and networks congestion control title;
14) by user behavior feature input user behavior feature database:
By the above 12nd) and 13) step set up networks congestion control feature be input to user behavior feature database.
4. a kind of networks congestion control recognition system according to claim 2, is characterized in that: described step 2) specifically comprise following step:
21) network packet is caught: catch the network data that the network user sends and receives;
22) obtain network layer and transport layer header packet information, concrete steps are as follows:
221) network layer data handbag header is obtained;
222) transport layer data handbag header is obtained;
23) extract packet header key feature, concrete steps are as follows:
231) source IP address and the object IP address information of network layer data handbag head is obtained;
232) source port number and the destination number information of transport layer data handbag head is obtained;
24) network data feature is built:
Network data feature is built with the source IP address obtained, source port number, object IP address and destination slogan.
5. a kind of networks congestion control recognition system according to claim 2, is characterized in that: described step 3) specifically comprise following step:
31) network data feature is read: read network data feature from Network Data Capturing module;
32) judge whether network data feature reads complete, concrete steps are as follows:
321) judge whether it is the last item network data feature;
322) judge next step step operated: if read complete, terminate to build networks congestion control pattern;
33) determine whether the packet sent, concrete steps are as follows:
331) judge whether it is the network packet that the network user sends;
332) judge next step step operated: if not the network packet sent, perform step 35);
34) extract object IP address and destination slogan as user behavior pattern and perform step 31);
35) extract source IP address and source port number as user behavior pattern and perform step 31).
6. a kind of networks congestion control recognition system according to claim 2, is characterized in that: described step 4) specifically comprise following step:
41) networks congestion control pattern is read: build module from user behavior and read networks congestion control pattern;
42) judge whether user behavior pattern reads complete, concrete steps are as follows:
421) judge whether it is the last item networks congestion control pattern;
422) judge next step step operated: if read complete, terminate match user behavioural characteristic;
43) judge whether the user behavior pattern of port numbers and IP address structure finds the feature of coupling in user behavior feature database:
431) judge whether the user behavior pattern of port numbers and IP address structure finds the step of the feature of coupling in user behavior feature database;
432) judge next step step operated: the feature of if there is no mating, perform step 41);
44) the networks congestion control name information of the feature matched is obtained:
Find the networks congestion control feature record matched, read the networks congestion control name field information of this record;
45) export the networks congestion control title recognized and perform step 41): the data networks congestion control title recognized being packaged into the form of applicable external system needs, and export, then perform step 41).
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410785482.6A CN104410533A (en) | 2014-12-17 | 2014-12-17 | Network user behavior identification system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410785482.6A CN104410533A (en) | 2014-12-17 | 2014-12-17 | Network user behavior identification system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104410533A true CN104410533A (en) | 2015-03-11 |
Family
ID=52648131
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410785482.6A Pending CN104410533A (en) | 2014-12-17 | 2014-12-17 | Network user behavior identification system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104410533A (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105516211A (en) * | 2016-02-06 | 2016-04-20 | 北京祥云天地科技有限公司 | Method, device and system for recognizing database accessing behaviors based on behavior model |
| CN106161098A (en) * | 2016-07-21 | 2016-11-23 | 四川无声信息技术有限公司 | A kind of network behavior detection method and device |
| CN108023779A (en) * | 2017-12-20 | 2018-05-11 | 杭州云屏科技有限公司 | A kind of method and system based on network traffic analysis user behavior |
| CN108156141A (en) * | 2017-12-14 | 2018-06-12 | 北京奇艺世纪科技有限公司 | A kind of real time data recognition methods, device and electronic equipment |
| CN109327430A (en) * | 2018-08-01 | 2019-02-12 | 中国科学院、水利部成都山地灾害与环境研究所 | A kind of user request analysis method and apparatus |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101789887A (en) * | 2009-12-25 | 2010-07-28 | 成都市华为赛门铁克科技有限公司 | Method and device for classifying network users and system for monitoring network services |
| CN102185762A (en) * | 2011-04-19 | 2011-09-14 | 北京网康科技有限公司 | Equipment for recognizing, extracting and processing user data sending behavior |
| CN102946319A (en) * | 2012-09-29 | 2013-02-27 | 焦点科技股份有限公司 | System and method for analyzing network user behavior information |
-
2014
- 2014-12-17 CN CN201410785482.6A patent/CN104410533A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101789887A (en) * | 2009-12-25 | 2010-07-28 | 成都市华为赛门铁克科技有限公司 | Method and device for classifying network users and system for monitoring network services |
| CN102185762A (en) * | 2011-04-19 | 2011-09-14 | 北京网康科技有限公司 | Equipment for recognizing, extracting and processing user data sending behavior |
| CN102946319A (en) * | 2012-09-29 | 2013-02-27 | 焦点科技股份有限公司 | System and method for analyzing network user behavior information |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105516211A (en) * | 2016-02-06 | 2016-04-20 | 北京祥云天地科技有限公司 | Method, device and system for recognizing database accessing behaviors based on behavior model |
| CN106161098A (en) * | 2016-07-21 | 2016-11-23 | 四川无声信息技术有限公司 | A kind of network behavior detection method and device |
| CN106161098B (en) * | 2016-07-21 | 2019-04-30 | 四川无声信息技术有限公司 | A kind of network behavior detection method and device |
| CN108156141A (en) * | 2017-12-14 | 2018-06-12 | 北京奇艺世纪科技有限公司 | A kind of real time data recognition methods, device and electronic equipment |
| CN108023779A (en) * | 2017-12-20 | 2018-05-11 | 杭州云屏科技有限公司 | A kind of method and system based on network traffic analysis user behavior |
| CN109327430A (en) * | 2018-08-01 | 2019-02-12 | 中国科学院、水利部成都山地灾害与环境研究所 | A kind of user request analysis method and apparatus |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102035698B (en) | HTTP tunnel detection method based on decision tree classification algorithm | |
| CN104410533A (en) | Network user behavior identification system | |
| CN111385297B (en) | Wireless device fingerprint identification method, system, device and readable storage medium | |
| CN101414939B (en) | Internet application recognition method based on dynamical depth package detection | |
| CN109309630A (en) | A kind of net flow assorted method, system and electronic equipment | |
| CN107623754B (en) | WiFi acquisition system and method based on authenticity MAC identification | |
| CN109861957A (en) | A kind of the user behavior fining classification method and system of the privately owned cryptographic protocol of mobile application | |
| CN103200133A (en) | Flow identification method based on network flow gravitation cluster | |
| CN103297267B (en) | A kind of methods of risk assessment of network behavior and system | |
| CN101184000A (en) | Packet sampling and application signature based internet application flux identifying method | |
| CN107040405B (en) | Passive type various dimensions host Fingerprint Model construction method and its device under network environment | |
| CN106789242A (en) | A kind of identification application intellectual analysis engine based on mobile phone client software behavioral characteristics storehouse | |
| WO2021114985A1 (en) | Companionship object identification method and apparatus, server and system | |
| CN110034970A (en) | The network equipment distinguishes method of discrimination and device | |
| CN106452859A (en) | Automatic cell phone number characteristic keyword extraction method under fixed network WiFi environment | |
| CN103297440A (en) | Method, device and network equipment for establishing application traffic feature library | |
| CN110493235A (en) | A kind of mobile terminal from malicious software synchronization detection method based on network flow characteristic | |
| CN104657747A (en) | Online game stream classifying method based on statistical characteristics | |
| CN113283498A (en) | VPN flow rapid identification method facing high-speed network | |
| CN102984242B (en) | A kind of automatic identifying method of application protocol and device | |
| CN109144837B (en) | User behavior pattern recognition method supporting accurate service push | |
| CN110225009A (en) | It is a kind of that user's detection method is acted on behalf of based on communication behavior portrait | |
| CN108650145A (en) | Phone number characteristic automatic extraction method under a kind of home broadband WiFi | |
| Wu et al. | Identifying potential standard essential patents based on text mining and generative topographic mapping | |
| CN116232696A (en) | Encryption traffic classification method based on deep neural network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150311 |